Authentication attempts limited to 1 every second to prevent bruteforce attack.

If password protection is not enabled, device will be locked 30 seconds after being plugged into USB port. When locked, it will be not possible to: set password, change PIN or upgrade firmware. Other functions will work normally.

3 comments:

I'm glad the gamepad functionality is here! I also like that text can be typed faster, though it is already screaming fast.

In fact, is there a way to selectively slow it down? I have a BIOS password that doesn't let me type more than a couple characters per second, which means that password must by typed manually by me instead of via the KeePass2Android compatible app.

"If password protection is not enabled, device will be locked 30 seconds after being plugged into USB port. When locked, it will be not possible to: set password, change PIN or upgrade firmware. Other functions will work normally."

What attack scenario is this preventing? I'm not sure if 30 seconds is enough time for my device to connect to a new InputStick and set an encryption password, especially if I decide to make it a complex password. It seems like a big usability reduction for an unlikely attack scenario.

Of course, I could be reading it wrong or not thinking of some big vulnerability. Either way, could you expand on why you've added this? I'd love to hear more.

Thanks for continuing to update this great device! I am definitely glad I got one.

If you connect within 30 seconds it will remain unlocked as long as you are connected. This is supposed to prevent following scenario: InputStick without password protection is left in USB port, anyone can remotely set password protection and as a result you will be forced to go through "restore defaults" procedure. If InputStick is already password protected then this new feature won't affect its behavior.

As for slower typing, this shouldn't be a problem, I'll try to add such option in next update of the KP2A plugin.